We don’t have minor version branches. There’s a single repository version, that is “7”. Since monday we reached (say) milestone 7.4. But the latest 7.3 is almost equal to the first 7.4: it’s a continuum, rolling release.
In short the question is
What to do on systems that are not updated to the latest version?
The fix can be installed on any ns7 updated to September 8. That day we released another important security fix (CSRF token) and any subsequent update must include it to avoid breaking dependencies.
So the solution for non-updated systems is to cherry-pick the fix with
yum localinstall http://....
I agree, and we have also the solution, I think: the Stephan’s contrib, based on yum-cron!